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CLAIMS 

What is claimed is: 

1. A key distribution method applied in the Next Generation Network comprising a 
terminal, a soft switch and an authentication center, comprising steps of: 

a) the terminal sending a registration request message to the soft switch for a 
registration; 

b) the soft switch sending the authentication request message to the authentication 
center for the authentication for the terminal; and 

c) the authentication center authenticating the terminal, generating a session key for 
the terminal and the soft switch, and upon a successfiil registration authentication, sending the 
session key to the soft switch so as to be distributed to the terminal. 

2. The key distribution method according to claim 1, wherein in step c), the 
authentication center authenticates the terminal through steps of: 

cl) the authentication center generating a first verification word for the terminal 
according to a key Kc shared with the terminal, encrypting flie session key with the shared 
key Kc, and returning the encrypted session key and the first verification word to the soft 
switch; 

c2)the soft switch returning a registration failure response message to the terminal 
to notify the terminal of a registration failure; 

c3) the terminal generating a second verification word according to the key Kc 
shared with the authentication center, and sending a registration message containing flie 
second verification word to the soft switch for a registration again; and 

c4) the soft switch authenticating the terminal according to the first verification 
word and the second verification word. 

3. The key distribution method according to claim 2, wherein in step c), the soft 
switch distributes the session key to the terminal through steps of: 

c5)the soft switch retuming to the terminal a registration success response message 
containing the session key encrypted with the shared key Kc, and sending a terminal 
aulhenticatiion success message to the authentication center; and 
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c6)the tenninal decrypting the session key encrypted by the authentication center 
according to the shared key Kc. 

4. The key distribution method according to claim 3, wherein the method further 
comprises steps of: 

5 the terminal sending to the soft switch a list of security mechanisms supported by 

the terminal and priority information of each security mechanism; 

the soft switch choosing an appropriate security mechanism for communication 
according to the list of security mechanisms and the priority information of each security 
mechanism of the terminal. 

10 5. The key distribution method according to any one of claims 1-4, wherein the 

registration request message and the registration message are SIP protocol registration 
messages, the registration failure response message is a SIP protocol response message, and 
the registration success response message is a SIP protocol registration request success 
message. 

15 6. The key distribution method according to any one of claims 1-4, wherein the 

registration request message is a system restart message and a corresponding response 
message in the MGCP protocol, the registration failure response message and the registration 
success response message are a notification request message and a corresponding response 
message in tiie MGCP protocol, and the registration message comprises a notification 

20 message and a corresponding response message in tiie MGCP protocol. 

7. The key distribution method according to any one of claims 1-4, wherein the 
registration request message comprises a system service status change message and a 
corresponding response message in the H.248 protocol, the registration failure response 
message and the registration success response message are an attribute modification message 

25 and a corresponding response message in flie H.248 protocol, and the registration message 
comprises a notification message and a corresponding response message in the H.248 
protocol. 

8. The key distribution method according to any one of claims 1-4, wherein the 
registration request message is a gatekeeper request message m the H.323 protocol, the 

30 registration failure response message is a gatekeeper rejection message in the H.323 protocol, 
the registration message is a registration request message in the H.323 protocol, and the 
registration success response message is a registration success message in the H.323 protocol. 

9. A key distribution method applied in the Next Generation Network comprising a 
tenninal, a signaling proxy, a soft switch and an authentication center, comprising steps of: 
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a) the terminal sending a registration request message through the signaling proxy 
to the soft switch for a registration; 

b) the soft switch sending the authentication request message to the authentication 
center for the authentication for the terminal; and 

5 c) the authentication center authenticating the terminal, generating a session key for 

ttie terminal and the signaling proxy, and upon a successftil registration authentication, 
sending the session key to the soft switch so as to be distributed through the signaling proxy 
to the terminal. 

10. The key distribution method according to claim 9, wherein in step c), the 
1 0 authentication center authenticates the terminal through steps of: 

cl) the authentication center generating a first verification word for the terminal 
according to a key Kc shared with the terminal and a key Ksp shared with the signaling proxy, 
encrypting the session key respectively with the shared key Kc and the shared key Ksp, and 
returning the encrypted session key and the first verification word to the soft switch; 

15 c2)the soft switch returning a registration failure response message through the 

signaling proxy to the terminal to notify the terminal of a registration failure; 

c3) the terminal generating a second verification word according to the key Kc 
shared with the authentication center, and sending a registration message containing the 
second verification word to the signaling proxy to be forwarded to the soft switch for a 
20 registration again; and 

c4) the soft switch authenticating the terminal according to the first verification 
word and the second verification word. 

11. The key distribution method according to claim 10, wherein in step c), the soft 
switch distributes the session key to the terminal through steps of: 

25 c5)fhe soft switch forwarding to the signaling proxy a terminal registration success 

response message containing the session key encrypted by the authentication center 
respectively with the shared keys Kc and Ksp, and the signaling proxy decrypting with the 
shared key Ksp the session key encrypted by the authentication center with the shared key 
Ksp, calculating a message verification word for the registration success response message 

30 with the decrypted session key, and forwarding to the terminal the registration success 
response message containing tiie message verification word and the session key encrypted 
with the shared key Kc; and 

C6) the terminal decrypting the session key encrypted by the authentication 
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center according to the shared key Kc, and authenticating with the decrypted session key the 
message authentication word of the message returned from the signaling proxy so as to 
authenticate an identity of the signaling proxy, an integrity of the message and whether 
security mechanism parameters of the terminal returned from the signaHng proxy are correct. 

5 12. The key distribution method according to claim 11, wherein the method further 

comprises steps of: the terminal sending to the signaling proxy a list of security mechanisms 
supported by the terminal and priority information of each security mechanism, and the 
signaling proxy choosing an appropriate security mechanism for communication according to 
the security mechanisms supported by the terminal and the priority information of each 
1 0 security mechanism. 

13. The key distribution method according to any one of claims 9-12, wherein the 
registration request message and the registration message are SIP protocol registration 
messages, the registration failure response message is a SIP protocol response message, and 
the registration success response message is a SIP protocol registration request success 
1 5 message. 



14. The key distribution method according to any one of claims 9-12, wherein the 
registration request message comprises a system restart message and a corresponding 
response message in the MGCP protocol, the registration failure response message and the 
registration success response message are. a notification request message and a corresponding 

20 response message in the MGCP protocol, and the registration message comprises a 
notification message and a corresponding response message in the MGCP protocol. 

15. The key distribution method according to any one of claims 9-12, wherein the 
registration request message comprises a system service status change message and a 
corresponding response message in the H.248 protocol, the registration failure response 

25 message and the registration success response message are an attribute modification message 
and a corresponding response message in the H.248 protocol, and the registration message 
comprises a notification message and a corresponding response message in the H.248 
protocol. 

16. The key distribution method according to any one of claims 9-12, wherein the 
30 registration request message is a gatekeeper request message m the H.323 protocol, the 

registration failure response message is a gatekeeper rejection message in the H.323 protocol, 
the registration message is a registration request message in the H.323 protocol, and the 
registration success response message is a registration success message in the H.323 protocol. 
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